SunloginClient[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SunloginClient.exe
Size

6.8MB
MD5

ac2eb2969dddb68f7d56355a6d728081
SHA1

99e5eb805d4af560c05d60d6ffe8d886790f25ee
SHA256

36d9a9ac92ea80b3832e25205305a4a03798712322f7cd1d3e42641a30059328
SHA512

77026ee250f48cefb6a7f92a2cda49aeaf5a49ce7eaf4e33202279f28f094bd4e25ef7b71ff6d764e0bc32e3a4b0bd5566a1ec621b26266e73da53fbfce2e73c
SSDEEP

49152:ekq22TAT921KDjjPHe/7ZPaeDpA1f0N35beVfk7J1MYGyu4Xb6eCpqzu0rww407a:wTATQ/7bn6YGX4D/GhPkuKH9zxcHX

Score

1^/10

Malware Config

Signatures

Files

SunloginClient.exe
.exe windows:5 windows x64 arch:x64

8de3fdfa467a1f22dd04d08583517c8d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:49:d8:42:5a:e2:cf:1a:de:a4:c7:0e:c5:a7:fd:b6
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/03/2020, 00:00

Not After

04/04/2023, 12:00

Subject

SERIALNUMBER=91310110787862412B,CN=Shanghai Best Oray Information S&T Co. Ltd.,OU=IT部,O=Shanghai Best Oray Information S&T Co. Ltd.,POSTALCODE=200000,STREET=上海市杨浦区国定路335号1号楼9层,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:d2:bd:c9:a5:b2:32:ed:a5:15:6d:45:fe:b4:cb:58
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/03/2020, 00:00

Not After

04/04/2023, 12:00

Subject

SERIALNUMBER=91310110787862412B,CN=Shanghai Best Oray Information S&T Co. Ltd.,OU=IT部,O=Shanghai Best Oray Information S&T Co. Ltd.,POSTALCODE=200000,STREET=上海市杨浦区国定路335号1号楼9层,ST=Shanghai,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13085368616e67686169,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:18:ec:b6:74:e8:97:06:9b:5e:91:95:1c:1f:1c:d3:a1:01:d6:db:b6:1f:d7:21:41:69:5e:2f:1d:bb:5b:16
Signer

Actual PE Digest

22:18:ec:b6:74:e8:97:06:9b:5e:91:95:1c:1f:1c:d3:a1:01:d6:db:b6:1f:d7:21:41:69:5e:2f:1d:bb:5b:16

Digest Algorithm

sha256

PE Digest Matches

true

61:b6:95:80:96:a0:08:6a:08:ca:90:d8:ca:f5:aa:84:35:7d:95:75
Signer

Actual PE Digest

61:b6:95:80:96:a0:08:6a:08:ca:90:d8:ca:f5:aa:84:35:7d:95:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime

winspool.drv

AddPrinterA
ClosePrinter
EnumPrintProcessorsW
GetPrintProcessorDirectoryA
DeletePrinter
EnumPrinterDriversW
OpenPrinterA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

kernel32

MapViewOfFile
GlobalUnlock
TryEnterCriticalSection
WritePrivateProfileStringW
WritePrivateProfileStringA
LocalAlloc
LocalFree
CreateDirectoryA
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
WriteConsoleW
SetEndOfFile
GetCurrentDirectoryW
MoveFileExW
SetStdHandle
ReadConsoleW
FlushFileBuffers
GlobalAlloc
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
SetFilePointerEx
GetConsoleCP
GetConsoleMode
GetFileAttributesExW
GetFileType
GetTempPathA
UnmapViewOfFile
OpenFileMappingW
GetFileAttributesW
CreateMutexW
lstrlenW
CreateRemoteThread
FlushInstructionCache
VirtualAllocEx
GetNativeSystemInfo
VirtualAlloc
CompareFileTime
VirtualFree
SetLastError
VirtualProtect
WriteProcessMemory
GetExitCodeThread
OpenEventW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetProcessId
GetVersionExW
TlsFree
TlsGetValue
CreateThread
TlsAlloc
ResumeThread
SetThreadPriority
TlsSetValue
IsDebuggerPresent
GetStdHandle
SystemTimeToTzSpecificLocalTime
FindResourceW
LoadResource
CreateFileMappingW
LockResource
FileTimeToSystemTime
GetModuleFileNameW
GetUserDefaultLangID
SizeofResource
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
WriteFile
CreateNamedPipeA
ReadFile
Sleep
GetTickCount
GetModuleHandleA
FileTimeToDosDateTime
GetFileTime
GetSystemTimeAsFileTime
WideCharToMultiByte
DeleteFileW
MultiByteToWideChar
FindClose
OutputDebugStringA
FindNextFileW
FindFirstFileW
GetModuleFileNameA
SetUnhandledExceptionFilter
GetCurrentProcessId
GetLocalTime
LoadLibraryW
GetCurrentThread
GetCurrentThreadId
CreateFileW
GetTempPathW
TerminateProcess
GetCurrentProcess
RtlCaptureContext
CreateSemaphoreW
ResetEvent
GetSystemInfo
VerSetConditionMask
VerifyVersionInfoW
DeviceIoControl
GetVersion
QueryPerformanceFrequency
SetEvent
CreateEventW
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
ReleaseSemaphore
QueryPerformanceCounter
OpenMutexW
GlobalSize
FreeResource
VirtualQuery
GlobalAddAtomW
WaitForSingleObjectEx
GetStringTypeW
FreeLibraryAndExitThread
ExitThread
GetModuleHandleExW
ExitProcess
GetTimeZoneInformation
CreateDirectoryW
LoadLibraryExW
RtlUnwindEx
RtlPcToFileHeader
GetProcessAffinityMask
SetConsoleTextAttribute
EnterCriticalSection
FreeLibrary
GetProcessHeap
DeleteCriticalSection
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
LoadLibraryA
GetSystemDirectoryA
GetLastError
HeapSize
ReleaseMutex
WaitForSingleObject
CreateMutexA
InitializeCriticalSectionAndSpinCount
HeapFree
GetDiskFreeSpaceExW
GetModuleHandleW
CreateProcessW
GlobalLock
FindResourceExW
GlobalFree
GetConsoleScreenBufferInfo
lstrcpyA
GetSystemTime
GetTempFileNameA
SetConsoleCtrlHandler
ProcessIdToSessionId
OutputDebugStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
TerminateThread
SetEnvironmentVariableA
GetThreadPriority
EnumSystemLocalesW
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
LoadLibraryExA
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer

user32

WindowFromPoint
SetActiveWindow
GetKeyState
IsRectEmpty
OffsetRect
SetRectEmpty
RegisterWindowMessageW
IntersectRect
MsgWaitForMultipleObjects
RegisterClipboardFormatW
DrawIcon
GetClientRect
SetWindowsHookExW
SetPropW
UnhookWindowsHookEx
RemovePropW
CallNextHookEx
GetPropW
GetUpdateRgn
ChangeDisplaySettingsExW
ExitWindowsEx
EnumDisplaySettingsExA
ChangeDisplaySettingsExA
SetWindowPos
PeekMessageW
GetClassInfoW
VkKeyScanW
RegisterClassW
GetDoubleClickTime
BlockInput
EnumWindows
MessageBoxW
GetDC
GetWindowLongW
GetWindowThreadProcessId
PostMessageW
IsWindowVisible
GetIconInfo
GetKeyboardState
ShowWindow
IsWindow
OpenClipboard
CloseClipboard
EmptyClipboard
AttachThreadInput
GetForegroundWindow
GetClipboardData
SetClipboardData
SystemParametersInfoW
SetForegroundWindow
ReleaseDC
FindWindowExW
SendMessageW
UnregisterClassW
GetParent
SwapMouseButton
GetSysColor
DrawTextW
DrawIconEx
EnumDisplaySettingsW
EnumDisplayDevicesW
LockWorkStation
GetCursorPos
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
GetThreadDesktop
SetThreadDesktop
SendInput
GetGUIThreadInfo
GetClassInfoExW
PostThreadMessageW
LoadCursorW
TranslateMessage
ClientToScreen
DispatchMessageW
RegisterClassExW
GetWindowLongPtrW
CreateWindowExW
SetWindowLongPtrW
MapVirtualKeyW
CallWindowProcW
DefWindowProcW
GetMessageW
SetCursorPos
PtInRect
KillTimer
SetWindowLongW
SetLayeredWindowAttributes
GetDialogBaseUnits
DialogBoxIndirectParamW
SetTimer
DestroyWindow
GetWindowRect
RegisterClipboardFormatA
GetPriorityClipboardFormat
GetSystemMetrics
GetCursorInfo
OpenInputDesktop
EnumDisplaySettingsA
GetMonitorInfoA
EnumDisplayMonitors
SetRect
GetMonitorInfoW
ChangeClipboardChain
GetClipboardOwner
SetClipboardViewer
PostQuitMessage
InvalidateRect

gdi32

CreateRectRgn
GetRegionData
SetRectRgn
SetDIBColorTable
StretchBlt
CreateRectRgnIndirect
SelectClipRgn
CombineRgn
GetRgnBox
GdiFlush
SetDIBitsToDevice
ExtEscape
GetDIBColorTable
CreateDCW
GetDIBits
BitBlt
CreateFontW
LineTo
CreatePen
Rectangle
MoveToEx
Ellipse
CreateSolidBrush
CreateDIBSection
GetStockObject
SetTextColor
SetBkMode
GetDeviceCaps
SelectObject
CreateCompatibleDC
DeleteDC
GetObjectW
DeleteObject
CreateFontIndirectW

advapi32

UnlockServiceDatabase
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
FreeSid
AddAce
IsValidSid
GetSecurityDescriptorOwner
CopySid
GetSecurityDescriptorControl
GetSecurityDescriptorGroup
AllocateAndInitializeSid
GetAclInformation
GetSecurityDescriptorDacl
CreateWellKnownSid
BuildTrusteeWithSidW
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
RegCreateKeyW
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclW
EnumServicesStatusW
QueryServiceStatus
MakeAbsoluteSD
CloseServiceHandle
OpenSCManagerW
LockServiceDatabase
ControlService
StartServiceW
QueryServiceConfigW
ChangeServiceConfigW
OpenServiceW
QueryServiceStatusEx
LookupPrivilegeValueW
AdjustTokenPrivileges
CheckTokenMembership
SetTokenInformation
CreateProcessAsUserW
GetUserNameW
DuplicateTokenEx

shell32

SHGetFolderPathW
SHCreateDirectoryExW
DragQueryFileW
DragQueryPoint
ord727
SHGetFileInfoW
ShellExecuteExW
CommandLineToArgvW

ole32

CoUninitialize
OleInitialize
RegisterDragDrop
OleUninitialize
ReleaseStgMedium
OleSetClipboard
DoDragDrop
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString

shlwapi

PathFindExtensionW
StrStrIW
PathFileExistsA
PathRemoveFileSpecW
PathFileExistsW
PathRemoveFileSpecA

userenv

CreateEnvironmentBlock

ws2_32

WSACleanup
WSAGetLastError
ioctlsocket
htons
htonl
recv
getservbyname
inet_ntoa
connect
ntohs
socket
send
getservbyport
gethostbyaddr
inet_addr
WSAStartup
WSASetLastError
select
gethostbyname
getsockopt
__WSAFDIsSet
accept
bind
shutdown
listen
getsockname
setsockopt
getpeername
closesocket

dbghelp

SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleInfo64
SymGetModuleBase64
SymCleanup
StackWalk64
SymInitialize
SymGetSymFromAddr64

gdiplus

GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapLockBits
GdiplusShutdown
GdiplusStartup
GdipDrawImageI
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipFree
GdipGetImagePixelFormat
GdipDisposeImage
GdipGetImagePalette
GdipAlloc
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipCloneImage
GdipGetImagePaletteSize
GdipGetImageHeight

msimg32

TransparentBlt
AlphaBlend

powrprof

GetCurrentPowerPolicies

hid

HidP_GetCaps
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetHidGuid
HidD_GetAttributes

Sections

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8de3fdfa467a1f22dd04d08583517c8d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

08:49:d8:42:5a:e2:cf:1a:de:a4:c7:0e:c5:a7:fd:b6Certificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

06:d2:bd:c9:a5:b2:32:ed:a5:15:6d:45:fe:b4:cb:58Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

22:18:ec:b6:74:e8:97:06:9b:5e:91:95:1c:1f:1c:d3:a1:01:d6:db:b6:1f:d7:21:41:69:5e:2f:1d:bb:5b:16Signer

61:b6:95:80:96:a0:08:6a:08:ca:90:d8:ca:f5:aa:84:35:7d:95:75Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

winmm

winspool.drv

setupapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

ws2_32

dbghelp

gdiplus

msimg32

powrprof

hid

Sections

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 36KB - Virtual size: 1.2MB

.pdata Size: 137KB - Virtual size: 136KB

.rodata Size: 4KB - Virtual size: 3KB

.gfids Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 312KB - Virtual size: 311KB

.reloc Size: 30KB - Virtual size: 30KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

08:49:d8:42:5a:e2:cf:1a:de:a4:c7:0e:c5:a7:fd:b6
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

06:d2:bd:c9:a5:b2:32:ed:a5:15:6d:45:fe:b4:cb:58
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

22:18:ec:b6:74:e8:97:06:9b:5e:91:95:1c:1f:1c:d3:a1:01:d6:db:b6:1f:d7:21:41:69:5e:2f:1d:bb:5b:16
Signer

61:b6:95:80:96:a0:08:6a:08:ca:90:d8:ca:f5:aa:84:35:7d:95:75
Signer

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 36KB - Virtual size: 1.2MB

.pdata
Size: 137KB - Virtual size: 136KB

.rodata
Size: 4KB - Virtual size: 3KB

.gfids
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 312KB - Virtual size: 311KB

.reloc
Size: 30KB - Virtual size: 30KB